New 'ClickFix' Malware Tricks Users, Steals Bitcoin from Wallets
A recent report warns of a rising malware strain that leverages a social engineering technique dubbed “ClickFix.” Victims are presented with a fake CAPTCHA or a prompt suggesting a system fix, and are coaxed into clicking and executing a command — after which the malware harvests wallet credentials or injects code to drain Bitcoin. Security teams say the method is notable for its simplicity and effectiveness against inattentive users, making it a growing threat to desktop and browser-based wallets.
Researchers and exchanges are urging immediate caution: do not run unfamiliar prompts or paste commands from untrusted sources, keep wallet software and OS patches up to date, and consider hardware wallets or multi-signature setups for larger balances. An investigation is ongoing and users should monitor address activity and enable alerts for outgoing transactions. This attack underscores ongoing risks from social-engineering tactics even as on-chain defenses improve.